package com.zyh.security;

import com.zyh.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserService userService;
    @Autowired
    private PasswordEncoder passwordEncoder;
    @Autowired
    private AuthenticationProvider authenticationProvider;
    @Bean
    public static PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }
    @Bean
    public AuthenticationProvider authenticationProvider(){
        DaoAuthenticationProvider provider=new DaoAuthenticationProvider();
        provider.setHideUserNotFoundExceptions(false);
        provider.setUserDetailsService(userService);
        provider.setPasswordEncoder(passwordEncoder);
        return provider;
    }

    protected void configure(AuthenticationManagerBuilder auth) throws Exception{
        auth.authenticationProvider(authenticationProvider);
    }

    protected void configure(HttpSecurity http)throws Exception{
        http.authorizeRequests()
                .antMatchers("/").permitAll()//定义主页不需要验证
                .antMatchers("/toLogin").permitAll()
                .antMatchers("/adminLogin").hasRole("ADMIN") //管理员界面需要管理员权限才可访问
                .antMatchers("/inspectorLogin").hasRole("INSPECTOR") //核酸检测界面需要核酸检测人员权限才可访问
                .antMatchers("/workerLogin").hasRole("WORKER") //防疫员界面需要防疫员权限才可访问
                .antMatchers("/studentLogin").hasRole("STUDENT") //学生界面需要学生权限才可访问
                .anyRequest().authenticated()//其余的所有请求都需要验证
                .and().logout().logoutUrl("/logout").logoutSuccessUrl("/logoutSuccess").permitAll()
                //定义logout不需要验证,logoutUrl定义用户注销的地址，logoutSuccessUrl定义用户注销后跳转界面
                .and().formLogin()//使用form表单登录
                .loginPage("/toLogin")//自定义登录页面
                .usernameParameter("username")
                .passwordParameter("password")
                .loginProcessingUrl("/doLogin")//自定义登录逻辑
                .and().csrf().disable();// 禁用跨站攻击
//        http.formLogin()
//                .loginPage("/login")// 自定义登录页面路径
//                .loginProcessingUrl("/authentication/form")// 自定义页面的登录路径，注意要与登录页面的action值一致，<form action="/authentication/form" method="post">
//                .and()
//                .authorizeRequests() // 定义哪些URL需要被保护、哪些不需要被保护
//                .antMatchers("/login").permitAll()// 设置所有人都可以访问登录页面
//                .anyRequest().authenticated()  // 除了以上的请求外都需要身份验证
//        ;
//       http.csrf().disable();// 禁用跨站攻击
    }

}
